- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Configure 240D for Dedicated Server Hosting
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Configure 240D for Dedicated Server Hosting
For example, carrier provides me with qty 2 sets 32 IP address and I want to host 1u servers where I will provide 1 IP (public) address and 1 server management IP address for an HP server or Dell server. How do I allocate a single IP address out of the IP block? Provide a second IP subnet and assign for the server management IP.
TRied looking for a sample config, either it is not out there or more likely I am asking the wrong questions.
My goal is to prevent a server neighbor reconfiguring their WAN IP that they have not been assigned and causing an interruption with another server with similar IP.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
let me re-play what I think you want to do. You have 64 internet routable addresses, which means say about 29 hosts you can have in use (since you want to allocate each one a separate address for the management interface you use two addresses, and you don't actually get 32 addresses in a /27, you only get 30 usable and I assume you may want a dedicated IP for your own management; if you have a /26 range rather than two /27's you get an extra two usable IPs). What you want to do is protect the other tenants from someone who changes the IP address on their hosted server or their hosted server management connection, so it doesn't cause an outage or intercept traffic meant for another tenant. Did I get that reasonably correct?
I'm a bit old school so may not have new and fresh ideas that FGTs are capable of, and I'm not going to give you a complete security solution here, but here's how I'd approach it in a simple to understand solution. At the fortigate perimeter, you're going to have a set of IPs defined on the WAN. You'll then have NATs that translate traffic from the external IP address to the assigned internal IP addresses (10.x or your choice of non-routables). On the inside, I'd be using VLANs so that you don't get any chance to jump addresses through random guessing of IP, subnet, and gateways. You hard allocate a host to a VLAN (through cabling) and give it some fixed IP addresses, and if the server manager decides to change the IP address then they lose access to the box. if they move the IP from say 10.0.0.5 to 10.0.0.6, the external NAT no longer works; if they move the IP to 10.0.1.5 then the VLAN trips them up and they don't block the neighbour's server that lives on that IP address and can't absorb traffic that wasn't meant for them.
To permit inbound access you'd have a set of VLAN interfaces on the FGT and each tenant's policy ruleset would permit traffic from WAN to their VLAN (and only their VLAN).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You would not have these configuration problems if you were using better dedicated server. I use bare metal server and those are much better for use. They are a bit more expensive than virtual servers, but it is really worth it. The good thing about them is that the price is lowering and now it is really great to buy them on GTHost. They are really cool because they will set it up in 15 minutes so you won't bother with that. Your latency will always be good and there will be no glitches or lag, and you can always rely on their customer support for help. It does cost more, but if you think about it, in the long run it is much better investment.
Related Posts
- Configuring S2S link over dedicated link 172 Views
- FortiGate won't let standalone switch be... 1360 Views
- Question on configuring a Guest SSID... 660 Views
- how to stack fortiswitch? 3756 Views
- VDOM Enabled FortiGate showing alerts "Unable... 632 Views
Labels
-
FortiGate
6,438 -
FortiClient
1,282 -
5.2
801 -
5.4
639 -
FortiManager
560 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
330 -
FortiAP
325 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
IPsec
63 -
Wireless Controller
57 -
SSL-VPN
52 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
17 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
Traffic shaping
8 -
Virtual IP
8 -
RADIUS
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
NAT
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiAuthenticator
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
Intrusion prevention
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.